I blogged again earlier, for the first time in quite a while. I use Jekyll for my blog, which is hosted on GitHub Pages. When I pushed the new post I was greeted by something I hadn’t seen before: a warning about security vulnerabilities in my dependencies, in this case the Gemfile.lock used by Ruby for dependency management.

I remember reading about GitHub doing this before, but I’d never actually seen it. Turns out that GitHub had found a security issue with a dependency in my Gemfile.lock. I updated Jekyll with bundle update jekyll, pushed up the changes and the alert was gone. Great work and great feature.